Security Bulletins

1E-2020-2001

Unquoted search path in 1E client

Bulletin ID
1E-2020-2001
Issue Date
Dec 29, 2020
Last Update
Nov 21, 2024
Priority
Important
CVSS
8.8 (High)
Assigned CVE
CVE-2020-27645
Affected Products
1E Client for Windows

1. Vulnerability Details

CVE-ID

CVE-2020-27645

Description

The Inventory module of the 1E Client 5.0.0.745 doesn’t handle an unquoted path when executing %PROGRAMFILES%\1E\Client\Tachyon.Performance.Metrics.exe. This may allow remote authenticated users and local users to gain elevated privileges.

CVSS3.1 Score

Base Score 8.8 (High)

CVSS3.1 Vector String

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Problem type

CWE-428: Uncontrolled Search Path Element

2. Affected products and versions

Product
Versions

1E Client for Windows

5.0.x

Do you want to report a security issue?

TeamViewer’s security team will investigate every submission in our Vulnerability Disclosure Program.